cobit

[CelticRaven]

anybody familiar with cobit?

just looking for pros, cons, feedback from anybody following it in their shops...

my "day job" employer is making noise about using cobit and doing IT audits. I'm a little po'd that somebody else (internal audit) would come into my control room, have access to all net os's and then tell me what they think I did wrong!

perhaps I'm a little stubborn and don't want anybody to tell me I'm doing it wrong...accepting criticism is good especially in the eyes of IT security etc, but then again everyone does everything just a little different, and I like the way I do things

would love to hear any experiences with cobit...especially the negative stuff so I can tell the admin here we don't need it!

[dpyers]

Cobits/IT Governance is a way of life among fortune 500's in the US. Ever since about three years ago when every ceo in the country had to certify to the SEC that his organization was being run effectively. Try to fight it, and you're pissing into the wind.

Quite frankly, I think you've got the wrong attitude about it. You may be surprised at what they turn up. Don't look at it as an affront to your expertise, look at it as partnering with them to improve the operation. One of their big concerns is going to be not so much the use of a particular technology or methodology, but ensuring that an audit trail is in place.

Couple of places I've worked for also use whitehat hacker firms to try to break networks and web sites. Working with cobits people isn't as much fun as working with whitehats, but it's far from being painful.